Great Information Security and Awareness Event Coming In April

February 26th, 2008

There’s a great information security and privacy awareness event coming up, Internet Safety Night on April 23, 2008, 6:30-8:30 p.m.

Read the rest of this entry »

Have You Reviewed the FTC’s Proposed Privacy Principles Yet?

February 25th, 2008

If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December.

Read the rest of this entry »

Example privacy breach response plan

February 24th, 2008

Too few organizations are prepared to respond to a privacy breach when it happens. Too many naively believe a privacy breach will not happen to them.
It is helpful to look at existing privacy breach notice plans when creating your own. The U.S. government agencies actually provide some good plans you can use as examples.

Read the rest of this entry »

Educational Security Incidents Year in Review 2007

February 21st, 2008

Since I’m talking about “The Anatomy of a Privacy Breach” at Berkeley today, I thought it would be timely to point out a great resource that details the very many privacy breaches that occur within colleges and universities.

Read the rest of this entry »

The Anatomy of a Privacy Breach

February 20th, 2008

Today I’m flying from the very frigid sub-zero temps of Iowa out to the University of California at Berkeley. I was invited to give a lecture, and considering the ongoing increase in privacy breaches, I chose to talk about “The Anatomy of a Privacy Breach.”

Read the rest of this entry »

Insider Threat: Ex-Employee Takes Files To New Employer

February 19th, 2008

Here’s a good article for your files, and to point out to your legal counsel to point out the very real insider threat to information security and privacy…
A Massachusetts trial court recently ruled that the unauthorized transfer of electronic files is actionable as a conversion under Massachusetts’ common law.

Read the rest of this entry »

Have You Looked In Your Trash Bins Lately?

February 18th, 2008

It shouldn’t still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some other easily reachable public location.
Here’s yet another example of a business throwing away people’s privacy in their trash dumpster…

Read the rest of this entry »

Identity Theft #1 Consumer Fraud Complaint To FTC in 2007

February 15th, 2008

This week the FTC released the list of the top 20 consumer fraud complaints they received in 2007.
Not surprisingly, identity theft topped their list, accounting for 32% of all the complaints.

Read the rest of this entry »

New Best Practices Guide For Building Secure Software

February 14th, 2008

Many information security incidents and privacy breaches occur as a result of exploiting vulnerabilities in poorly engineered applications and systems.
It is good to see more articles and information about how to build security into applications from the very inception of a project, and continue it through the entire applications and systems lifecycle.

Read the rest of this entry »

Phisherthieves Like Banks Best

February 13th, 2008

Here’s a pretty good mainstream news story from CNN to give to your business leaders to raise their awareness and understanding about phishing…

Read the rest of this entry »